As we approach April 17, we get to deal with both filing our income taxes and a taxing bunch of patches from Microsoft and others. While the overall number of patches from Microsoft is light, we have four critical patches along with two important ones. They impact a wide array of platforms and applications including […]
As we approach April 17, we get to deal with both filing our income taxes and a taxing bunch of patches from Microsoft and others. While the overall number of patches from Microsoft is light, we have four critical patches along with two important ones. They impact a wide array of platforms and applications including Microsoft Windows, IE, .NET Microsoft Office, SQL Server, Windows Server, Developer Tools and Forefront. Most concerning is that some critical issues seem to impact Windows from the older legacy XP platform. Lately we have come to expect current Windows 7 and Windows 2008 platform issues.
Paul Henry, security and forensic analyst with Lumension, takes a closer look at the details from Microsoft.
Click through for a closer look at recent and upcoming patches, as identified by Paul Henry, security and forensic analyst with Lumension.
MS012-23 Rated Critical — Cumulative Security Update for Internet Explorer
Requires a restart. It impacts IE across family of platforms, corrects five privately reported issues and addresses a remote code issue.
MS012-24 Rated Critical — Vulnerability in Windows
Requires a restart. This vulnerability impacts third-party signed code and could be used in a man-in-the-middle attack.
MS012-25 Rated Critical — Vulnerability in .NET Framework
May require a restart. This is a .NET developer issue that could allow remote code execution.
MS012-27 Rated Critical — Vulnerability in Windows Common Controls Code
May require a restart. This is an Active X issue that impacts numerous applications; it could allow remote code execution.
MS012-26 Rated Important — Impacts ForeFront UAG
May require a restart. This vulnerability takes advantage of a UAG Direct Access issue and is an information disclosure issue.
MS012-28 Rated Important — Vulnerability in Microsoft Office
May require a restart. This is a Microsoft Office write access vulnerability that could allow remote code execution.
According to Henry, perhaps the bigger story this Patch Tuesday is Apple (and their lack of a formal Patch Tuesday like program).
Anyone with Internet access has been reading the stories of Apple products being impacted with yet more malware. This time around it is already impacting an estimated 600,000 Macs after snubbing the researchers that found the botnet. Apple eventually released a patch that, as always, played down any sense of urgency to empower users to make their own informed decision. If you just so happened to have checked for updates on your Mac recently you would have seen a note that a Java patch is available:
“Java for OS X 2012-001 delivers improved compatibility, security, and reliability by updating Java SE 6 to 1.6.0_31.”
The original patch from Apple was released on April 3rd and then quickly followed up with another patch on April 6th — it is assumed that a glitch in the original patch necessitated a second patch be released by Apple.
No mention from Apple that 600,000 users were infected or that the exploit is clearly being used in the wild. According to Henry, if Apple wants to be taken seriously as an enterprise player they have to stop trying to hide behind their issues and take a lesson from Microsoft. They need to own up to the vulnerabilities and provide users with enough information to make educated decisions regarding urgency in flaw remediation. Interesting to also note that it was about 7 weeks after Oracle released a patch for an eerily similar Java issue that Apple addressed the issue (albeit quietly).
Another recent patch worth mentioning this Patch Tuesday comes from Adobe that fixes two critical vulnerabilities in Flash Player across Solaris, Linux, Mac OS X and Windows platforms. Read more on the Adobe Flash Player patch here in the respective Adobe Security Bulletin.
Google released multiple patches for Chrome this Patch Tuesday period. The latest patch on April 9th addressed 12 security issues and followed the previous patch released just 8 days earlier.
Mozilla added vulnerable Java Plug-ins to its black list in efforts to protect users in its latest patch.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
